* [dpdk-dev] [RFC v2] mem: poison memory when freed
@ 2018-07-19 16:20 Stephen Hemminger
2018-07-19 17:08 ` Andrew Rybchenko
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Stephen Hemminger @ 2018-07-19 16:20 UTC (permalink / raw)
To: dev; +Cc: Stephen Hemminger
DPDK malloc library allows broken programs to work because
the semantics of zmalloc and malloc are the same.
This patch enables a more secure model which will catch
(and crash) programs that reuse memory already freed if
RTE_MALLOC_DEBUG is enabled.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---
v2
- keep original behavior unless RTE_MALLOC_DEBUG is enabled.
lib/librte_eal/common/malloc_elem.c | 17 ++++++++++++++---
lib/librte_eal/common/rte_malloc.c | 8 +++++++-
2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
index efcb82677198..6fc63c53a75d 100644
--- a/lib/librte_eal/common/malloc_elem.c
+++ b/lib/librte_eal/common/malloc_elem.c
@@ -23,6 +23,16 @@
#include "malloc_elem.h"
#include "malloc_heap.h"
+/* If debugging is enabled, freed memory is set to poison value
+ * to catch buggy programs. Otherwise, freed memory is zerod
+ * to avoid having to zero in zmalloc
+ */
+#ifdef RTE_MALLOC_DEBUG
+#define MALLOC_POISON 0x6b
+#else
+#define MALLOC_POISON 0
+#endif
+
size_t
malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align)
{
@@ -476,7 +486,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
join_elem(elem, elem->next);
/* erase header, trailer and pad */
- memset(erase, 0, erase_len);
+ memset(erase, MALLOC_POISON, erase_len);
}
/*
@@ -500,7 +510,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
join_elem(new_elem, elem);
/* erase header, trailer and pad */
- memset(erase, 0, erase_len);
+ memset(erase, MALLOC_POISON, erase_len);
elem = new_elem;
}
@@ -531,7 +541,8 @@ malloc_elem_free(struct malloc_elem *elem)
/* decrease heap's count of allocated elements */
elem->heap->alloc_count--;
- memset(ptr, 0, data_len);
+ /* poison memory */
+ memset(ptr, MALLOC_POISON, data_len);
return elem;
}
diff --git a/lib/librte_eal/common/rte_malloc.c b/lib/librte_eal/common/rte_malloc.c
index b51a6d111bde..ed253149bb6b 100644
--- a/lib/librte_eal/common/rte_malloc.c
+++ b/lib/librte_eal/common/rte_malloc.c
@@ -70,7 +70,13 @@ rte_malloc(const char *type, size_t size, unsigned align)
void *
rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
{
- return rte_malloc_socket(type, size, align, socket);
+ void *ptr = rte_malloc_socket(type, size, align, socket);
+
+#ifndef RTE_MALLOC_DEBUG
+ if (ptr != NULL)
+ memset(ptr, 0, size);
+#endif
+ return ptr;
}
/*
--
2.18.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [RFC v2] mem: poison memory when freed
2018-07-19 16:20 [dpdk-dev] [RFC v2] mem: poison memory when freed Stephen Hemminger
@ 2018-07-19 17:08 ` Andrew Rybchenko
2018-07-19 17:09 ` Andrew Rybchenko
2018-07-20 13:09 ` Burakov, Anatoly
2 siblings, 0 replies; 4+ messages in thread
From: Andrew Rybchenko @ 2018-07-19 17:08 UTC (permalink / raw)
To: Stephen Hemminger, dev
On 19.07.2018 19:20, Stephen Hemminger wrote:
> DPDK malloc library allows broken programs to work because
> the semantics of zmalloc and malloc are the same.
>
> This patch enables a more secure model which will catch
> (and crash) programs that reuse memory already freed if
> RTE_MALLOC_DEBUG is enabled.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
I like the idea, so
Acked-by: Andrew Rybchenko <arybchenko@solarflare.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [RFC v2] mem: poison memory when freed
2018-07-19 16:20 [dpdk-dev] [RFC v2] mem: poison memory when freed Stephen Hemminger
2018-07-19 17:08 ` Andrew Rybchenko
@ 2018-07-19 17:09 ` Andrew Rybchenko
2018-07-20 13:09 ` Burakov, Anatoly
2 siblings, 0 replies; 4+ messages in thread
From: Andrew Rybchenko @ 2018-07-19 17:09 UTC (permalink / raw)
To: Stephen Hemminger, dev
On 19.07.2018 19:20, Stephen Hemminger wrote:
> DPDK malloc library allows broken programs to work because
> the semantics of zmalloc and malloc are the same.
>
> This patch enables a more secure model which will catch
> (and crash) programs that reuse memory already freed if
> RTE_MALLOC_DEBUG is enabled.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
>
> v2
> - keep original behavior unless RTE_MALLOC_DEBUG is enabled.
>
> lib/librte_eal/common/malloc_elem.c | 17 ++++++++++++++---
> lib/librte_eal/common/rte_malloc.c | 8 +++++++-
> 2 files changed, 21 insertions(+), 4 deletions(-)
>
> diff --git a/lib/librte_eal/common/malloc_elem.c b/lib/librte_eal/common/malloc_elem.c
> index efcb82677198..6fc63c53a75d 100644
> --- a/lib/librte_eal/common/malloc_elem.c
> +++ b/lib/librte_eal/common/malloc_elem.c
> @@ -23,6 +23,16 @@
> #include "malloc_elem.h"
> #include "malloc_heap.h"
>
> +/* If debugging is enabled, freed memory is set to poison value
> + * to catch buggy programs. Otherwise, freed memory is zerod
> + * to avoid having to zero in zmalloc
> + */
> +#ifdef RTE_MALLOC_DEBUG
> +#define MALLOC_POISON 0x6b
> +#else
> +#define MALLOC_POISON 0
> +#endif
> +
> size_t
> malloc_elem_find_max_iova_contig(struct malloc_elem *elem, size_t align)
> {
> @@ -476,7 +486,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
> join_elem(elem, elem->next);
>
> /* erase header, trailer and pad */
> - memset(erase, 0, erase_len);
> + memset(erase, MALLOC_POISON, erase_len);
> }
>
> /*
> @@ -500,7 +510,7 @@ malloc_elem_join_adjacent_free(struct malloc_elem *elem)
> join_elem(new_elem, elem);
>
> /* erase header, trailer and pad */
> - memset(erase, 0, erase_len);
> + memset(erase, MALLOC_POISON, erase_len);
>
> elem = new_elem;
> }
> @@ -531,7 +541,8 @@ malloc_elem_free(struct malloc_elem *elem)
> /* decrease heap's count of allocated elements */
> elem->heap->alloc_count--;
>
> - memset(ptr, 0, data_len);
> + /* poison memory */
> + memset(ptr, MALLOC_POISON, data_len);
>
> return elem;
> }
> diff --git a/lib/librte_eal/common/rte_malloc.c b/lib/librte_eal/common/rte_malloc.c
> index b51a6d111bde..ed253149bb6b 100644
> --- a/lib/librte_eal/common/rte_malloc.c
> +++ b/lib/librte_eal/common/rte_malloc.c
> @@ -70,7 +70,13 @@ rte_malloc(const char *type, size_t size, unsigned align)
> void *
> rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket)
> {
> - return rte_malloc_socket(type, size, align, socket);
> + void *ptr = rte_malloc_socket(type, size, align, socket);
> +
> +#ifndef RTE_MALLOC_DEBUG
It should be #ifdef above.
> + if (ptr != NULL)
> + memset(ptr, 0, size);
> +#endif
> + return ptr;
> }
>
> /*
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [dpdk-dev] [RFC v2] mem: poison memory when freed
2018-07-19 16:20 [dpdk-dev] [RFC v2] mem: poison memory when freed Stephen Hemminger
2018-07-19 17:08 ` Andrew Rybchenko
2018-07-19 17:09 ` Andrew Rybchenko
@ 2018-07-20 13:09 ` Burakov, Anatoly
2 siblings, 0 replies; 4+ messages in thread
From: Burakov, Anatoly @ 2018-07-20 13:09 UTC (permalink / raw)
To: Stephen Hemminger, dev
On 19-Jul-18 5:20 PM, Stephen Hemminger wrote:
> DPDK malloc library allows broken programs to work because
> the semantics of zmalloc and malloc are the same.
>
> This patch enables a more secure model which will catch
> (and crash) programs that reuse memory already freed if
> RTE_MALLOC_DEBUG is enabled.
>
> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
> ---
Making it not default behavior makes it suitable for inclusion without
deprecation notices IMO.
Reviewed-by: Anatoly Burakov <anatoly.burakov@intel.com>
--
Thanks,
Anatoly
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-07-20 13:09 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-19 16:20 [dpdk-dev] [RFC v2] mem: poison memory when freed Stephen Hemminger
2018-07-19 17:08 ` Andrew Rybchenko
2018-07-19 17:09 ` Andrew Rybchenko
2018-07-20 13:09 ` Burakov, Anatoly
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).